Bocconi University and Politecnico di Milano have assembled a dynamic and multi-disciplinary community of researchers, experts, and professors who study, analyze and apply strategies, governance, and assessment tools of cyber risk. The challenging study program they have devised addresses the key cyber-related matters faced by all types of organizations, every day.
The Master of Science in Cyber Risk Strategy and Governance gives students the tools required to understand, assess, and govern the opportunities and threats of the existing and emerging technologies used in our society. As innovative technologies are adopted, new issues arise, so students learn to look ahead, evaluate, and communicate threats before they unfold.
These prospective professionals will thus be in a position to make a major contribution to intercepting cyber risks and preventing negative impact on the performance of organizations, both private and public.
The program is highly interdisciplinary, by necessity, considering that computer technology increasingly affects almost every facet of modern life. It combines technical elements of computer science and analytical methods with a range of topics in the social sciences: management, economics, finance law, social engineering, ethics, and behavioral skills.
Applicants should ideally have multidisciplinary backgrounds. Whether their undergraduate degree is in computer science, engineering, management, or economics, it is useful to have studied a broad range of subjects and, of course, to have an interest in the prevention of and response to cyber risks.
In particular, the program aims at:
Providing solid preparation in the areas of the cyber risk assessment to identify potential vulnerability challenges that might affect the functioning and performance of any organization.
Offering multi-faceted preparation with specialized skills to tackle cyber risks from multiple and unusual perspectives.
Developing a profile blending in-depth knowledge of technical cyber issues with competencies in the social sciences that enable relations with all levels of any organization, in order to influence strategic decisions and implementation of actions to mitigate cyber risks.
This MSc program is built to prepare students to enter the job market in firms, financial institutions, other institutions in public/private sectors as well as consulting companies, with two main profiles: as Cyber Risk Managers graduates will support tasks related to cyber risk management at the organizational level in order to govern the enterprise risk by designing and implementing ad hoc strategies.
As Data Protection and Security Managers, graduates will support tasks related to data protection, privacy management, and compliance in order to govern risks on data. This job profile is explicitly required by data protection regulations in Europe as well as around the world.
Applicants to MSc in Cyber Risk Strategy and Governance are required to complete a specific application.
A Bachelor Degree in one of the following fields: Engineering, Computer Science, Business, Economics, Political Sciences.
Applicants should ideally have multidisciplinary backgrounds. It is useful to have studied a broad range of subjects and, of course, to have an interest in the prevention of and response to cyber risks.
Mission and Goals
Two of Italy’s most prestigious universities, Bocconi and Politecnico di Milano, have joint forces to prepare a new category of professionals in the field of cyber risk. The two-year program, entirely taught in English, is based on a complementary blend of their strengths: Politecnico provides top-flight technological training, while Bocconi shares its expertise on the strategic and economic fronts.
It brings together several key knowledge areas to govern cyber risk. Firstly, it offers technical competencies in the fields of computer science and technology, crucial to a deep understanding of the cyber world. Then it reviews managerial, legal and economic principles to place cyber risk into context. Students also practice the soft skills required to communicate cyber challenges.
1st semester (@PoliMi)
Seminar: Introduction to cyber risk (@Bocconi)
Four compulsory courses (@Polimi): Software methodologies and architectures for security – module 1 (Enterprise ICT architecture) and module 2 (Software engineering methodologies for security); Cybersecurity technologies, procedures, and policies; Artificial intelligence for security; Technology governance
The aim of this semester is to strengthen competencies in the fields of computer science to set the base for solid professional development in cyber risks.
2nd semester (@ Bocconi)
Seminar: Social engineering (@Polimi)
Four compulsory courses (@Bocconi): Strategy and governance for cyber risk; Cyber risk and data protection law; Methods and data analytics for risk assessment; Institutional scenarios of cyber risk
The scope of this semester is to enhance the tool kit needed to frame cybersecurity issues, to set the appropriate strategies and to govern their complexity in organizational environments.
Two Seminars: Ethical aspects of security and privacy (@ PoliMI); Soft skills (@Bocconi)
Four electives to be chosen among a selected group of courses held by both Bocconi (in 1st semester) and Politecnico (in 2nd semester) in the following topics: Data protection, Business and cyber intelligence, Blockchain and crypto assets, Machine learning in cyber risks, Computer forensics, Fintech models
Internship, Foreign Language, Thesis
This MSc program is built to prepare students to enter the job market in firms, financial institutions, other institutions in public/private sectors as well as consulting companies, with two main profiles:
Cyber Risk Managers graduates will support tasks related to cyber risk management at the organizational level in order to govern the enterprise risk by designing and implementing ad hoc strategies. In particular, they will be prepared to:
Identify cyber risks in complex organizations.
Provide advisory services to increase awareness within organizations to both IT and non-IT professionals.
Support the design and maintenance of the organization’s processes and information systems.
Contribute to setting the cyber policies of an organization to reduce the risk of vulnerability.
Perform forensic analysis of information systems and data to identify cyber crimes or frauds and their origin.
Lead data incident responses and data breach notification procedures at the enterprise level.
Data protection and security managers graduates will support tasks related to data protection, privacy management, and compliance in order to govern risks on data. They deal with any data protection matters, issues, and incidents, and play a key role in fostering a data protection culture within the organization, designing and implementing essential elements of data protection regulations. This job profile is explicitly required by data protection regulations in Europe as well as around the world. In particular, graduates will:
Design, advise, manage, and maintain procedures’ compliance with data protection laws and policies.
Conduct data protection and security assessments and develop and execute relevant project plans.
Manage an awareness-raising program to promote data privacy and security culture.
Lead data incident responses and data breach notification procedures relative to data and privacy issues.
Be the contact point for and cooperate with the relevant Data Protection Authorities when subjects exercise their individual data rights as well as supervise and advise on the response to such requests.